General

  • Target: 8ebee1deb3a7563a74f31fdf0fe428b3c7ba7739f79df4f1cecfc86fbf0e93ef
  • Size: 178KB
  • Sample: 241115-smflyavpf1
  • MD5: 24569f89507e1c016aca4c18386189fd
  • SHA1: 5881bb12d69c6028f2e52b66680908ab04e1d2d1
  • SHA256: 8ebee1deb3a7563a74f31fdf0fe428b3c7ba7739f79df4f1cecfc86fbf0e93ef
  • SHA512: 6f34f026e2474a11034749a94b2b6a038ccb36f0dce79a2e0ae3493e0f942065eebe699283e9303dcf59cd699d6a6a188edecf606141be6812131f6452723650
  • SSDEEP: 3072:/L2y/GdynktGDWLS0HZWD5w8K7Nk96D7IBUPZB0zstySfNllXeD:/L2k43tGiL3HJk96D7br0z0rllXo

Malware Config

Extracted

  • Language: ps1
  • Deobfuscated
  • URLs (exe.dropper):
    - http://www.yadegarebastan.com/wp-content/mhear/
    - http://bikerzonebd.com/wp-admin/89gw/
    - http://shptoys.com/_old/bvGej/
    - http://www.vestalicom.com/facturation/qgm0t/
    - http://www.aliounendiaye.com/wp-content/f3hs6j/

Targets

    Score: 10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Run Powershell and hide display window.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks